From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <declan.doherty@intel.com>
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
 by dpdk.org (Postfix) with ESMTP id 1E3292C31
 for <dev@dpdk.org>; Wed, 13 Jul 2016 17:58:51 +0200 (CEST)
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
 by orsmga103.jf.intel.com with ESMTP; 13 Jul 2016 08:58:50 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.28,357,1464678000"; d="scan'208";a="1006104630"
Received: from dwdohert-dpdk.ir.intel.com ([163.33.210.152])
 by fmsmga001.fm.intel.com with ESMTP; 13 Jul 2016 08:58:50 -0700
To: Thomas Monjalon <thomas.monjalon@6wind.com>
References: <1464183292-24280-1-git-send-email-piotrx.t.azarewicz@intel.com>
 <21237364.CLn9ZV8ln9@xps13>
 <4837007523CC9A4B9414D20C13DE6E64136D27B2@IRSMSX102.ger.corp.intel.com>
 <1838303.IRcXQLJGt7@xps13>
Cc: "Azarewicz, PiotrX T" <piotrx.t.azarewicz@intel.com>, dev@dpdk.org
From: Declan Doherty <declan.doherty@intel.com>
Message-ID: <8e1ab920-576e-39dc-93c2-ef97b9f94a51@intel.com>
Date: Wed, 13 Jul 2016 16:54:18 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <1838303.IRcXQLJGt7@xps13>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [dpdk-dev] [PATCH v1 1/1] examples/l2fwd-crypto: improve random
 key generator
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jul 2016 15:58:52 -0000

On 07/11/2016 03:17 PM, Thomas Monjalon wrote:
> 2016-06-08 07:46, Azarewicz, PiotrX T:
>>> 2016-05-25 15:34, Piotr Azarewicz:
>>>> This patch improve generate_random_key() function by replacing rand()
>>>> function with reading from /dev/urandom.
>>>>
>>>> CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
>>>> dont_call: rand should not be used for security related applications,
>>>> as linear congruential algorithms are too easy to break
>>>>
>>>> Coverity issue: 120136
>>>>
>>>> Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
>>>
>>> Is it relevant for this example?
>>
>> Maybe not. But it don't break anything, and in the end make Coverity tool happy.
>>
>> Declan, please share your opinion.
>
> Declan?
>

sorry I'm missed this thread. While not strictly necessary for the 
example app, I don't see a problem applying it, as coverity points out 
it is a bad idea to use rand() for crypto purposes.

Declan